Ipsec header options, Figure 60, Figure 61 – Dell POWEREDGE M1000E User Manual
Page 258: Ah he
230
Web Tools Administrator’s Guide
53-1001772-01
IPsec concepts
17
DRAFT: BROCADE CONFIDENTIAL
provides a basic visual comparison of how transport mode and tunnel mode modify an IP
datagram.
FIGURE 60
Transport mode and tunnel mode comparison
IPsec header options
IPsec adds headers to an IP datagram to enable authentication and privacy. There are two options:
•
Authentication Header (AH)
•
Encapsulating Security Payload (ESP)
Authentication Header
AH can be used to authenticate a data stream, but does not provide encryption needed for privacy.
The AH contains a message authentication code (MAC). The MAC is created by a hash algorithm
calculation. The MAC is transmitted in an IP datagram. The same hash algorithm is then used by
the receiver to verify the integrity of the packet. AH can be used in either transport mode or tunnel
mode, as shown in
.
FIGURE 61
AH header in transport mode and tunnel mode